I'd think this would be a good idea, if, and *only* if, the following requirements can be met:
* Non-commercial entities get root certs for free
I'd define "non-commercial" as "not making money", not as
"tax-exempt". I.e. If you sell services, but don't make profit,
you're commencial, e.g. Mozilla Foundation itself would count as
"commercial". Exceptions allowed, e.g. if certs are sold for a
good purpose (Amnesty International, Religions, whatever).
* Paying does not increase the likelyness of inclusion
This requires the people assessing the CA on behalf of Mozilla
Foundation to be honest to themselves and the users. I would trust
probably Frank and Gerv with that. If you want to remove doubts,
use a third-party to make the assessment and decision, who has no
interest in Mozilla Foundation getting money, e.g. me or even a
person from a competing, non-commercial CA.This would hurt nobody:
* Commercial CAs had to pay for Netscape so far and still have to
pay Microsoft (as I understood), so it's business as usual for them
* Non-commercial CAs, which had no chance so far, get certs for free
* It conflicts with nobody's business interests in the Mozilla
community (*unlike* Mozilla Foundation offering support and
development services to companies, which conflicts with e.g. me)
* Users' interests should be guarded by the "no monetary influence"
rule, if it can be assuredVeriSign is in the money making machine business. Let's not let them do that for free, but get some of the money they press.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
